- Issue created by @MrCr0w
- 🇵🇹Portugal lolgm
I suggested a solution to this issue in #3384307-8: Access problem for Paragraph List in combination with Group module →
Hello There,
I got an issue while using the Group ( https://www.drupal.org/project/group → ) module in combination with the Layout Paragraphs ( https://www.drupal.org/project/layout_paragraphs → ) module.
Due to the nature of the problem, I wasn't able to identify if it is an issue of Group or Layout Paragraphs.
Thats why I created the issue in both modules:
Issue in Layout Paragraphs Module: https://www.drupal.org/project/layout_paragraphs/issues/3384307 💬 Access problem for Paragraph List in combination with Group module Active
The starting point of the issue is the following:
I got the content type Basic Page wich uses LayoutParagraphs
and I got a Group (called Group1) and a group member (called Member1).
I gave Member1 the permissins to
- Create and edit any type of Paragraph and Layout Paragraphs
- Create and edit 'Basic Pages' in context of Group1
My issue is, when Member1 is creating a new 'Basic Page' for Group1, I can't load the list of paragraph types for the Layput Paragraph editor.
I'm getting an 403 error for its request ('/layout-paragraphs-builder/{layout_paragraphs_layout}/choose-component', layout_paragraphs.routing.yml:37-47).
When I Save the Page, and go in Edit-Mode I am able to use the Layout Paragraphs as usual.
1. Install following moduls: Paragraphs, Paragraph Permission, Layout Paragraphs, Group
2. Create some paragraph types (examples: Text, 2 Col Layout, ...)
2. Create content type 'Basic Page' with a Layout Paragraph field
3. Grant the permissions for creating, editing and deleting all created Paragraph Types
4. Create groupg Group1
4.a. Create GroupRole 'Member' wich is assigned to all authenticated users
4.b. Grant 'Member' the permissions for creating and editing 'Basic Page' group nodes
5. Create user Member1
5.a. Add Member1 to Group1 (wich will give it the GroupRole 'Member')
6. Log in as Member1 and create a new 'Basic Page' for Group1
6.a. Try to add Paragrpahs (results in 403)
7. Save the new 'Basic Page' without Paragraphs
8. Edit the newly created 'Basic Page'
8.a. Now you can load the list of available paragraphs
Always save the new node before adding paragraphs through edit.
After searching through the code I think I found the Reason for this:
In 'LayoutParagraphsBuilderAccess::access (especially row 66)' the entity is asked, if the user is allowed to create/edit the given parent node of the Layout:
public function access(
AccountInterface $account,
LayoutParagraphsLayout $layout_paragraphs_layout,
string $operation = NULL,
string $component_uuid = NULL,
ParagraphsTypeInterface $paragraph_type = NULL
) {
// Check field access.
$access = $layout_paragraphs_layout->getParagraphsReferenceField()->access('edit', $account, TRUE);
// Check access to host entity.
$entity = $layout_paragraphs_layout->getEntity();
$lp_operation = $entity->isNew() ? 'create' : 'update';
$access = $access->andIf($entity->access($lp_operation, $account, TRUE)); // <---- differs between Neutral and Allowed
// Check access to specific paragraph entity.
if ($component_uuid) {
$paragraph = $layout_paragraphs_layout
->getComponentByUuid($component_uuid)
->getEntity();
$access = $access->andIf($paragraph->access($operation, $account, TRUE));
}
// Check access to paragraph type.
if ($paragraph_type) {
$access_handler = $this->entityTypeManager->getAccessControlHandler('paragraph');
$access = $access->andIf($access_handler->createAccess($paragraph_type->id(), $account, [], TRUE));
}
return $access;
}
For the result of this function I get the following AccessResults
For creating the node:
Drupal\Core\Access\AccessResultNeutral Object (
[cacheContexts:protected] => Array (
[0] => user.permissions
)
[cacheTags:protected] => Array (
)
[cacheMaxAge:protected] => -1
[reason:protected] =>
)
For editing the node:
Drupal\Core\Access\AccessResultAllowed Object (
[cacheContexts:protected] => Array (
[0] => user.group_permissions
[1] => user
[2] => url.query_args:key
[3] => user.permissions
)
[cacheTags:protected] => Array (
[0] => group_relationship_list:plugin:group_node:article
[1] => group_relationship_list:plugin:group_node:demo_verzeichnis_widget
[2] => group_relationship_list:plugin:group_node:event
[3] => group_relationship_list:plugin:group_node:layoutpage
[4] => group_relationship_list:plugin:group_node:news
[5] => group_relationship_list:plugin:group_node:page
[6] => group_relationship_list:plugin:group_node:studie
[7] => group_relationship_list:plugin:group_node:webform
[8] => node:557
)
[cacheMaxAge:protected] => -1
)
I think the problem here is, that when the Node is asked for its access permissions,
the relation to the group is not yet set for the newly created GroupNode.
So the returned value is Neutral.
But it might also be that this is wanted as is, and I have to add a check in the 'LayoutParagraphsBuilderAccess'
if I'm creating the new Node in a group context.
But i don't know if there is any way to find out:
1. In what context group am I
2. What permissions do I have in the given Group for the newly created Node
It seems like a bug of the Group module but might also be a missing feature (maybe one wich can be solved in a Submodule) of the Layout Paragraphs feature.
Due to my lacking experience with the AccessControll of Drupal I'm not able to find a suitable solution by myself.
Does someone have any idea how I can resolve this issue?
Sincerely
Active
3.1
Code
I suggested a solution to this issue in #3384307-8: Access problem for Paragraph List in combination with Group module →